Vulnerability CVE-2009-2687

Vulnerability Name:

CVE-2009-2687 (CCN-51253)

Assigned:

2009-06-18

Published:

2009-06-18

Updated:

2023-01-19

Summary:

The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

5.8 Medium (REDHAT CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P)
4.3 Medium (REDHAT Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: cve@mitre.org
Type: Exploit, Vendor Advisory
cve@mitre.org

Source: MITRE
Type: CNA
CVE-2009-2687

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Mailing List, Third Party Advisory
cve@mitre.org

Source: CCN
Type: RHSA-2009-1461
Important: Red Hat Application Stack v2.4 security and enhancement update

Source: CCN
Type: RHSA-2010-0040
Moderate: php security update

Source: CCN
Type: SA35441
PHP "exif_read_data()" Denial of Service

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: DEBIAN
Type: DSA-1940
php5 -- multiple issues

Source: CCN
Type: GLSA-201001-03
PHP: Multiple vulnerabilities

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: CCN
Type: OSVDB ID: 55222
PHP exif_read_data() Function JPG Handling DoS

Source: CCN
Type: OSVDB ID: 55223
PHP Zip File Property Handling Unspecified Memory Corruption

Source: CCN
Type: OSVDB ID: 55224
PHP on Windows Multiple Function safe_mode Bypass

Source: CCN
Type: PHP Web site
PHP 5.2.10 Release Announcement

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: CCN
Type: BID-35440
PHP 'exif_read_data()' JPEG Image Processing Denial Of Service Vulnerability

Source: cve@mitre.org
Type: Patch, Third Party Advisory, VDB Entry
cve@mitre.org

Source: CCN
Type: USN-824-1
PHP vulnerability

Source: cve@mitre.org
Type: Patch, Vendor Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory, VDB Entry
cve@mitre.org

Source: XF
Type: UNKNOWN
php-exifreaddata-dos(51253)

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Third Party Advisory
cve@mitre.org

Source: cve@mitre.org
Type: Broken Link
cve@mitre.org

Source: SUSE
Type: SUSE-SR:2009:017
SUSE Security Summary Report

Source: SUSE
Type: SUSE-SR:2010:005
SUSE Security Summary Report

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:4:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

Configuration RedHat 6:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 8:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:php:php:5.2.0:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.1:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.3:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.2:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.4:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.5:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.6:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.7:-:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.8:*:*:*:*:*:*:*

OR cpe:/a:php:php:5.2.9:-:*:*:*:*:*:*

AND

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*

OR cpe:/a:redhat:rhel_application_stack:2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*

OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:*:*:*:*

OR cpe:/o:mandriva:linux:2009.1:*:*:*:x86_64:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20092687	V	CVE-2009-2687	2022-05-20
oval:org.opensuse.security:def:31224	P	Security update for the Linux Kernel (Live Patch 39 for SLE 12 SP3) (Important)	2021-07-21
oval:org.opensuse.security:def:42077	P	Security update for curl (Moderate)	2021-05-26
oval:org.opensuse.security:def:31150	P	Security update for xorg-x11-server (Important)	2021-04-14
oval:org.opensuse.security:def:31748	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:31356	P	Security update for python (Moderate)	2021-03-16
oval:org.opensuse.security:def:35670	P	apache2-mod_php5-5.2.14-0.7.24.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:31448	P	Security update for postgresql-init (Moderate)	2020-12-01
oval:org.opensuse.security:def:25233	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:32596	P	postgresql on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25939	P	Security update for gstreamer-0_10-plugins-base (Moderate)	2020-12-01
oval:org.opensuse.security:def:31592	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:25425	P	Security update for bluez (Important)	2020-12-01
oval:org.opensuse.security:def:31138	P	Security update for lcms	2020-12-01
oval:org.opensuse.security:def:25997	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31804	P	Security update for ant (Moderate)	2020-12-01
oval:org.opensuse.security:def:25563	P	Security update for xrdp (Important)	2020-12-01
oval:org.opensuse.security:def:26670	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31892	P	Security update for expat (Moderate)	2020-12-01
oval:org.opensuse.security:def:25798	P	Security update for flash-player (Critical)	2020-12-01
oval:org.opensuse.security:def:25222	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31958	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25900	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31505	P	Security update for python27 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25297	P	Security update for libX11 (Important)	2020-12-01
oval:org.opensuse.security:def:32635	P	apache2-mod_php5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25953	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25506	P	Security update for openexr (Moderate)	2020-12-01
oval:org.opensuse.security:def:31139	P	Security update for less (Moderate)	2020-12-01
oval:org.opensuse.security:def:26635	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31853	P	Security update for coreutils (Important)	2020-12-01
oval:org.opensuse.security:def:25647	P	Security update for freetype2 (Important)	2020-12-01
oval:org.opensuse.security:def:25221	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:31914	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:25851	P	Security update for freerdp (Moderate)	2020-12-01
oval:org.mitre.oval:def:6655	V	HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access, Privileged Access, Cross Site Scripting (XSS)	2015-04-20
oval:org.mitre.oval:def:13370	P	USN-824-1 -- php5 vulnerability	2014-06-30
oval:org.mitre.oval:def:13519	P	DSA-1940-1 php5 -- multiple issues	2014-06-23
oval:org.mitre.oval:def:7890	P	DSA-1940 php5 -- multiple issues	2014-06-23
oval:org.mitre.oval:def:23025	P	ELSA-2010:0040: php security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:21391	P	RHSA-2010:0040: php security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:10695	V	The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.	2013-04-29
oval:com.redhat.rhsa:def:20100040	P	RHSA-2010:0040: php security update (Moderate)	2010-01-13
oval:org.debian:def:1940	V	multiple issues	2009-11-25

BACK